In the use of Information Technology, the protection of personal data is generally regarded as a part of privacy rights, which have the following meanings: (i) personal rights are the rights to enjoy a private life and be free from all kinds of interference; (ii) privacy rights are the rights to be able to communicate with other people without spying; (iii) privacy rights is the right to monitor access to information about a person’s personal life and data.1
Personal information includes everything related to a person’s personal data, for example biometric data such as height, weight, blood type, fingerprint, retina, DNA, or other health conditions, or immigration travel data, criminal history, education, bank accounts, telephone number, and other personal data attached to the individual.
In essence, when the information is not tied to the individual who has the information, then the information can only be said to be not personal information.2
Along with the development of technology, the misuse and theft of personal data is a phenomenon that often occurs. One of the causes of the misuse and theft of personal data is our own negligence when dealing with our own information, especially in our daily activities whilst using the Internet.
Some examples that often occur are: (i) providing personal data to the seller when buying a SIM card; (ii) downloading unsafe applications; (iii) attaching personal data in platforms or other forms, which can be misused by various parties and potentially may cause harm to the data owner. Therefore, Article 26 paragraph 1 of Law Number 11 of 2008, as amended by Law Number 19 of 2016 (ITE Law), stipulates that the use of any information through electronic media concerning a person’s personal data must be carried out with the consent of the person concerned, unless stipulated differently by laws and regulations.
If this provision is violated, then everyone whose rights are violated have the right to file claims for compensation against the party who used personal data without consent.3 Personal Protection is also regulated in the Regulation of the Minister of Information and Communication Number 20 of 2016 concerning Protection of Personal Data in Electronic Systems (Permenkominfo 20/2016) which explains that data owners can submit complaints to the Ministry of Communication and Information for the failure to protect the confidentiality of personal data.4
The government can also impose administrative sanctions on any party who misuses personal data in the form of a:5
With the existence of a legal basis for sanctions and punishments against wrongdoers, the community, especially data owners, can now expect a sense of security and comfort for data owners. Hopefully, this legislation will deter the crimes of misuse and theft of personal data and information. KBA/FDH